The GlobalProtect portal uses this certificate profile
to match the machine certificate sent by the GlobalProtect app.
For a successful match, the machine certificate must be signed and
issued by the same CA certificate and (optional) template that you configure
in the certificate profile. If you do not configure a template,
the machine certificate matches based on only the configured CA
After the GlobalProtect app collects machine certificates
from connecting endpoints (as defined in Step 3), it
sends the certificates to the portal to match against the certificate
profile that you specify in the config selection critiera for each agent
configuration. If an endpoint matches all config selection criteria
for an agent configuration, the portal pushes that agent configuration
to the endpoint.
To deliver your agent configuration to connecting endpoints
based on the endpoints’ machine certificate, use the following steps:
Config Selection Criteria
In the Machine Certificate Check area, select a
to match against the machine certificates installed
on the endpoints.